21#ifndef G_SSL_OPENSSL_H
22#define G_SSL_OPENSSL_H
28#include <openssl/ssl.h>
29#include <openssl/err.h>
30#include <openssl/rand.h>
31#include <openssl/conf.h>
32#include <openssl/evp.h>
33#include <openssl/md5.h>
34#include <openssl/sha.h>
35#include <openssl/hmac.h>
// Hard floor on the library version: everything declared below assumes the
// OpenSSL 1.1.0+ API (opaque SSL_CTX/SSL objects, EVP_MD_CTX_new/_free), so
// older releases are rejected at compile time rather than failing at link or run time.
41#if OPENSSL_VERSION_NUMBER < 0x10100000L
42#error "openssl is too old"
// GCONFIG_HAVE_OPENSSL_HASH_FUNCTIONS selects whether DigesterImp uses the
// legacy per-algorithm digest contexts (e.g. SHA256_CTX) or the EVP_MD_CTX
// path. Unless the build overrides it, it defaults to off on OpenSSL 3.x,
// where those low-level digest APIs are deprecated, and on for 1.1.x.
// NOTE(review): the #else/#endif lines closing these conditionals are not
// visible in this excerpt.
44#ifndef GCONFIG_HAVE_OPENSSL_HASH_FUNCTIONS
45#if OPENSSL_VERSION_NUMBER >= 0x30000000L
46#define GCONFIG_HAVE_OPENSSL_HASH_FUNCTIONS 0
48#define GCONFIG_HAVE_OPENSSL_HASH_FUNCTIONS 1
89 std::string str()
const ;
101 using Fn =
const SSL_METHOD *(*)() ;
103 Fn fn(
bool server ) ;
108 bool noverify()
const ;
112 static int map(
int ,
int ) ;
119 long m_options_set {0L} ;
120 long m_options_reset {0L} ;
131 std::string str()
const ;
/// Constructs an Error from a message alone, from a message plus an
/// OpenSSL error code (the unsigned long presumably comes from
/// ERR_get_error() — TODO confirm), or additionally from the path of the
/// file being processed so that key/certificate loading failures name
/// the offending file.
143 explicit Error(
const std::string & ) ;
144 Error(
const std::string & ,
unsigned long ) ;
145 Error(
const std::string & ,
unsigned long ,
const std::string & path ) ;
/// Presumably drains OpenSSL's thread-local error queue so that stale
/// entries are not attributed to a later, unrelated operation — TODO
/// confirm it calls ERR_clear_error().
146 static void clearErrors() ;
/// Renders an OpenSSL error code as text; exact format not visible from
/// this declaration.
149 static std::string text(
unsigned long ) ;
155class GSsl::OpenSSL::ProfileImp :
public Profile
160 ProfileImp(
const LibraryImp & ,
bool is_server_profile ,
const std::string & key_file ,
161 const std::string & cert_file ,
const std::string & ca_file ,
162 const std::string & default_peer_certificate_name ,
const std::string & default_peer_host_name ,
163 const std::string & profile_config ) ;
164 ~ProfileImp()
override ;
/// Non-owning access to the SSL_CTX, which is presumably the object held
/// by m_ssl_ctx; the pointer is only valid for the lifetime of this
/// ProfileImp — TODO confirm callers do not retain it beyond that.
165 SSL_CTX * p()
const ;
166 const LibraryImp & lib()
const ;
167 const std::string & defaultPeerCertificateName()
const ;
168 const std::string & defaultPeerHostName()
const ;
169 void apply(
const Config & ) ;
172 std::unique_ptr<ProtocolImpBase>
newProtocol(
const std::string & ,
const std::string & )
const override ;
175 ProfileImp(
const ProfileImp & ) = delete ;
176 ProfileImp( ProfileImp && ) = delete ;
177 ProfileImp & operator=(
const ProfileImp & ) = delete ;
178 ProfileImp & operator=( ProfileImp && ) = delete ;
/// Presumably converts a failing OpenSSL return code (the int) into a
/// thrown Error tagged with the operation name and, optionally, the file
/// path involved — the exact success criterion is not visible from this
/// declaration; TODO confirm.
181 static void check(
int ,
const std::string & ,
const std::string & = {} ) ;
/// Has the signature of an SSL_CTX_set_verify() callback. The name
/// suggests it accepts the peer certificate unconditionally; if so it
/// must only be installed for profiles that have explicitly opted out of
/// verification (see noverify()), and that opt-out should be visible in
/// the log — TODO confirm against the implementation.
182 static int verifyPass(
int , X509_STORE_CTX * ) ;
/// Also an SSL_CTX_set_verify() callback; presumably checks the presented
/// certificate against the expected peer name (cf.
/// defaultPeerCertificateName()/defaultPeerHostName()). TODO confirm that
/// a name mismatch fails the handshake rather than only being logged.
183 static int verifyPeerName(
int , X509_STORE_CTX * ) ;
184 static std::string name( X509_NAME * ) ;
185 static void deleter( SSL_CTX * ) ;
188 const LibraryImp & m_library_imp ; // back-reference; the LibraryImp must outlive this profile (profiles appear to be held in LibraryImp::Map, so that presumably holds)
189 const std::string m_default_peer_certificate_name ;
190 const std::string m_default_peer_host_name ;
191 std::unique_ptr<SSL_CTX,std::function<void(SSL_CTX*)>> m_ssl_ctx ; // owning; released through deleter(). NOTE(review): a plain function-pointer deleter type, void(*)(SSL_CTX*), would express the same ownership without the std::function indirection
197class GSsl::OpenSSL::LibraryImp :
public LibraryImpBase
202 LibraryImp(
G::StringArray & library_config , Library::LogFn ,
bool verbose ) ;
203 ~LibraryImp()
override ;
204 Config config()
const ;
/// True when peer certificate verification has been disabled for this
/// library instance (presumably derived from the library config string).
/// Config::noverify() exposes a flag of the same name — TODO confirm how
/// the two relate. Disabling verification removes the peer-identity
/// guarantee of TLS, so this should be a deliberate, logged setting.
205 bool noverify()
const ;
207 Library::LogFn log()
const ;
208 bool verbose()
const ;
210 static std::string credit(
const std::string & prefix ,
const std::string & eol ,
const std::string & eot ) ;
211 static std::string sid() ;
214 void addProfile(
const std::string & name ,
bool is_server_profile ,
215 const std::string & key_file ,
const std::string & cert_file ,
const std::string & ca_file ,
216 const std::string & default_peer_certificate_name ,
const std::string & default_peer_host_name ,
217 const std::string & profile_config )
override ;
218 bool hasProfile(
const std::string & )
const override ;
219 const GSsl::Profile & profile(
const std::string & )
const override ;
220 std::string id()
const override ;
222 Digester digester(
const std::string & ,
const std::string & ,
bool )
const override ;
225 LibraryImp(
const LibraryImp & ) = delete ;
226 LibraryImp( LibraryImp && ) = delete ;
227 LibraryImp & operator=(
const LibraryImp & ) = delete ;
228 LibraryImp & operator=( LibraryImp && ) = delete ;
231 static void cleanup() ;
234 using Map = std::map<std::string,std::shared_ptr<ProfileImp>> ;
235 std::string m_library_config ;
236 Library::LogFn m_log_fn ;
246class GSsl::OpenSSL::ProtocolImp :
public ProtocolImpBase
249 using Result = Protocol::Result ;
250 using Error = OpenSSL::Error ;
251 using Certificate = OpenSSL::Certificate ;
252 using CertificateChain = OpenSSL::CertificateChain ;
254 ProtocolImp(
const ProfileImp & ,
const std::string & ,
const std::string & ) ;
255 ~ProtocolImp()
override ;
256 std::string requiredPeerCertificateName()
const ;
262 Result
read(
char * buffer , std::size_t buffer_size , ssize_t & read_size )
override ;
263 Result
write(
const char * buffer , std::size_t size_in , ssize_t & size_out )
override ;
266 std::string
protocol()
const override ;
267 std::string
cipher()
const override ;
271 ProtocolImp(
const ProtocolImp & ) = delete ;
272 ProtocolImp( ProtocolImp && ) = delete ;
273 ProtocolImp & operator=(
const ProtocolImp & ) = delete ;
274 ProtocolImp & operator=( ProtocolImp && ) = delete ;
277 int error(
const char * ,
int )
const ;
281 static Result convert(
int ) ;
282 static void clearErrors() ;
283 void logErrors(
const std::string & op ,
int rc ,
int e ,
const std::string & )
const ;
285 static void deleter( SSL * ) ;
288 std::unique_ptr<SSL,std::function<void(SSL*)>> m_ssl ; // owning; released through deleter() (same pattern as ProfileImp::m_ssl_ctx)
289 Library::LogFn m_log_fn ;
// presumably records whether the i/o channel's descriptor has been attached to the SSL object — TODO confirm
291 bool m_fd_set {
false} ;
292 std::string m_required_peer_certificate_name ;
// peer certificate and chain as captured from the handshake; only meaningful once m_verified is true
293 std::string m_peer_certificate ;
294 std::string m_peer_certificate_chain ;
// starts false; presumably set from the handshake's verification result — callers should not trust the peer identity above until it is true
295 bool m_verified {
false} ;
304 DigesterImp(
const std::string & ,
const std::string & ,
bool ) ;
305 ~DigesterImp()
override ;
308 void add( std::string_view )
override ;
309 std::string
value()
override ;
310 std::string
state()
override ;
311 std::size_t
blocksize() const noexcept override ;
312 std::
size_t valuesize() const noexcept override ;
313 std::
size_t statesize() const noexcept override ;
316 DigesterImp( const DigesterImp & ) = delete ;
317 DigesterImp( DigesterImp && ) = delete ;
318 DigesterImp & operator=( const DigesterImp & ) = delete ;
319 DigesterImp & operator=( DigesterImp && ) = delete ;
322 enum class Type { Md5 , Sha1 , Sha256 , Other } ; // Md5 and Sha1 are not collision-resistant; keep them only for legacy protocol compatibility, not for new integrity or signature uses
323 Type m_hash_type {Type::Other} ;
324 #if GCONFIG_HAVE_OPENSSL_HASH_FUNCTIONS
327 SHA256_CTX m_sha256 {} ; // legacy context API (sibling MD5/SHA1 contexts presumably sit on the lines not shown here)
329 EVP_MD_CTX * m_evp_ctx {
nullptr} ; // raw pointer, presumably owning and released in ~DigesterImp(). NOTE(review): a unique_ptr with EVP_MD_CTX_free as deleter would make the ownership explicit
330 std::size_t m_block_size {0U} ;
331 std::size_t m_value_size {0U} ;
332 std::size_t m_state_size {0U} ;
A base interface for GSsl::Digester pimple classes.
virtual std::string state()=0
Implements Digester::state().
virtual std::size_t blocksize() const noexcept=0
Implements Digester::blocksize().
virtual std::string value()=0
Implements Digester::value().
virtual void add(std::string_view)=0
Implements Digester::add().
Holds a certificate chain taken from a stack of OpenSSL X509 structures.
Holds a certificate taken from an OpenSSL X509 structure.
Holds protocol version information, etc.
An exception class for GSsl::OpenSSL classes.
A base interface for profile classes that work with concrete classes derived from GSsl::LibraryImpBas...
virtual std::unique_ptr< ProtocolImpBase > newProtocol(const std::string &, const std::string &) const =0
Factory method for a new Protocol object.
virtual bool verified() const =0
Implements Protocol::verified().
virtual std::string peerCertificate() const =0
Implements Protocol::peerCertificate().
virtual Protocol::Result connect(G::ReadWrite &)=0
Implements Protocol::connect().
virtual std::string cipher() const =0
Implements Protocol::cipher().
virtual Protocol::Result write(const char *, std::size_t, ssize_t &)=0
Implements Protocol::write().
virtual std::string protocol() const =0
Implements Protocol::protocol().
virtual Protocol::Result read(char *, std::size_t, ssize_t &)=0
Implements Protocol::read().
virtual std::string peerCertificateChain() const =0
Implements Protocol::peerCertificateChain().
virtual Protocol::Result accept(G::ReadWrite &)=0
Implements Protocol::accept().
virtual Protocol::Result shutdown()=0
Implements Protocol::shutdown().
An abstract interface for reading and writing from a non-blocking i/o channel.
An interface to an underlying TLS library.
TLS/SSL transport layer security classes.
std::vector< std::string > StringArray
A std::vector of std::strings.